Tag Archive for: Email

Feds probe $283,000 email hack


Nov. 17—TRAVERSE CITY — A September email hack netting a scammer $283,000 in Medicaid reimbursement funds is now being investigated by the U.S. Dept. of Homeland Security.

“There is an agent out of Grand Rapids doing a forensic investigation,” said Brian Martinus, interim CEO of Northern Lakes Community Mental Health Authority.

“They’re working with Northern Lakes and GTI to see if we can recover some of those assets back to the agency,” Martinus said Thursday during a Northern Lakes board meeting.

Traverse City Police previously confirmed the hacker, falsely posing as a representative of Grand Traverse Industries, emailed Northern Lakes asking for banking information.

An unnamed staffer or staffers with Northern Lakes responded by providing the information, police said, and that’s when the theft took place.

Capt. Keith Gillis confirmed Thursday that local police have provided information to the federal agency, and that they’re working together on the case.

Gillis said subpoenas have been issued to area banks, their response has been slow and the federal agent assigned to investigate is likely tracking the hacker’s IP address — internet protocol, or the unique number linked to all online activity.

“They used a computer and that leaves a trail,” Gillis said.

This is the second time Martinus has updated Northern Lakes board members on the case, an example of how leaders say they are focused on improving transparency of an organization that has faced a series of financial and other challenges.

The Northern Michigan Regional Entity, which manages Medicaid funds for Northern Lakes, is essentially functioning as an emergency manager after Northern Lakes in September placed two executives on administrative leave and the human resources officer was fired.

Joanie Blamer, chief operations officer, and Lauri Fischer, chief financial officer, remain on paid leave, pending an investigation, Martinus previously said, adding that the decisions were unrelated to the email hack.

Northern Lakes contracted with a professional advisory firm, Rehmann, to take on the responsibilities of a CFO for $45,000 a month beginning Oct. 1, an agreement provided to the Record-Eagle shows.

Rehmann’s Richard Carpenter…


Encrypted email provider Proton has built its own CAPTCHA service



Proton, the Swiss company that develops privacy-focused online services such as email, has developed its very own CAPTCHA service to help discern between genuine login attempts and bots — and it touts the new system as the world’s first CAPTCHA that is “censorship resistant.”

The company said it has already been testing its CAPTCHA system for several months, and has now transitioned to its home-grown solution entirely.

“As we investigated available CAPTCHA options, we weren’t satisfied, so we decided to develop our own,” Eamonn Maguire, a former Facebook engineer who now heads up Proton’s machine learning team, wrote in a blog post. “Our primary goal was to provide a system that doesn’t compromise on privacy, usability and accessibility, or security.”

CAPTCHAs, a contrived acronym that stands for the decidedly less-punchy “completely automated public Turing test to tell computers and humans apart,” have long been used on the web to prevent bots from creating multiple accounts with a specific service, or illicitly trying to access someone else’s account through credential stuffing. This is usually presented to the user in the form of a visual or cognitive challenge, one that is relatively easy for a human to complete but difficult for a machine.

CAPTCHAs, while generally effective, come with trade-offs in terms of usability, accessibility, cultural biases, and annoyances that businesses would prefer not to impose on their users. This is why companies such as Apple and Cloudflare have sought ways to tell the difference between humans and bots automatically using alternative mechanisms, such as through device and telemetry data.

And then there is the elephant in the room that is data privacy, with some CAPTCHA services — notably Google’s ReCAPTCHA — collecting hardware and software data. And for a company such as Proton, which has built an entire business off the back of privacy-focused tools such as email, a VPN, cloud storage, calendar, and password manager, it doesn’t make a whole heap of sense to compromise its reputation through relying on such third-party…


Massive ransomware attack on state email domain


COLOMBO (News 1st) – The Information and Communication Technology Agency of Sri Lanka has officially confirmed a severe data loss incident affecting all government offices using the “gov.lk” email domain, including the Cabinet Office, due to a large-scale ransomware attack between May 17 and August 26, 2023.

The Cabinet Office is one of the entities within the Lanka Government Network (LGN), utilizing the “[email protected]” email domain.

Crucial government information is exchanged via these email domains.

However, ICTA told News 1st that only some data under the purview of the President’s Office, Cabinet Office, Ministry of Education, and Ministry of Health were affected by the ransomware attack.

What is a ransomware attack?

Ransomware is malware designed to deny a user or organization access to files on their computer.

Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. 

Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data.

What happened?

ICTA Communications disclosed that the ransomware could have impacted approximately 5,000 email addresses.

Director of Strategic Communications at ICTA Sampath de Silva told News 1st that there was no offline backup for a critical two-and-a-half-month data period.

The online backup system was also compromised, resulting in the loss of emails during this time frame.

How has the ICTA responded to the incident?

Director of Strategic Communications at ICTA Sampath de Silva said that in response to this incident, ICTA is implementing the following measures:

Daily Offline Backup: ICTA is instituting daily offline backup processes to prevent future data losses.

Application Upgrade: The relevant application will upgrade to the latest version with enhanced defences against virus attacks.

Can the lost data be recovered?

In collaboration with ICTA, the Sri Lanka Computer Emergency Readiness Team (SLCERT) is actively engaged in efforts to recover the lost data.


Microsoft reveals how hackers stole its email signing key… kind of


A series of unfortunate and cascading mistakes allowed a China-backed hacking group to steal one of the keys to Microsoft’s email kingdom that granted near unfettered access to U.S. government inboxes. Microsoft explained in a long-awaited blog post this week how the hackers pulled off the heist. But while one mystery was solved, several important details remain unknown.

To recap, Microsoft disclosed in July that hackers it calls Storm-0558, which it believes are backed by China, “acquired” an email signing key that Microsoft uses to secure consumer email accounts like Outlook.com. The hackers used that digital skeleton key to break into both the personal and enterprise email accounts of government officials hosted by Microsoft. The hack is seen as a targeted espionage campaign aimed at snooping on the unclassified emails of U.S. government officials and diplomats, reportedly including U.S. Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns.

How the hackers obtained that consumer email signing key was a mystery — even to Microsoft — until this week when the technology giant belatedly laid out the five separate issues that led to the eventual leak of the key.

Microsoft said in its blog post that in April 2021, a system used as part of the consumer key signing process crashed. The crash produced a snapshot image of the system for later analysis. This consumer key signing system is kept in a “highly isolated and restricted” environment where internet access is blocked to defend against a range of cyberattacks. Unbeknownst to Microsoft, when the system crashed, the snapshot image inadvertently included a copy of the consumer signing key 1️⃣ but Microsoft’s systems failed to detect the key in the snapshot 2️⃣.

The snapshot image was “subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network” to understand why the system crashed. Microsoft said this was consistent with its standard debugging process, but that the company’s credential scanning methods also did not detect the key’s presence in the snapshot image 3️⃣.

Then, at some point after the snapshot image was moved to…
